I used to use psad as well, but Perl was misbehaving, and sometimes psad
would consume too much CPU. In such a context, I prefer Snort IDS to consume
my CPU :)


On Mon, Feb 20, 2017 at 7:28 PM, <[email protected]> wrote:

> Hmmm.... On second thought, perhaps that suggestion wasn't helpful
> either.  Apologies for the unhelpful posts.  However I do think that
> "psad" ("Port Scan Attack Detection") would get you the result you're
> looking for:
>    https://www.digitalocean.com/community/tutorials/how-to-use-psad-to-detect-network-intrusion-attempts-on-an-ubuntu-vps
>
>    ...right?
>
> On Mon, Feb 20, 2017, at 02:05 PM, [email protected] wrote:
> > Hmmm... Misunderstood your question.
> > Not sure if this would work for you- will mention it just in case...
> >     ...I handle this one by allowing Public Key authentication only:
> >
> > # Upload a public key and disable other authentication methods
> > # in /etc/ssh/sshd_config:
> > ChallengeResponseAuthentication no
> > KbdInteractiveAuthentication no
> > PasswordAuthentication no
> >
> > On Mon, Feb 20, 2017, at 01:20 PM, J. Fahrner wrote:
> > > On 20.02.2017 at 18:56, [email protected] wrote:
> > > >      Apache "Mod Evasive" can be configured to block based on rate
> > > >      (those scans are coming in at a rate of more than ten per second,
> > > >      apparently).
> > >
> > > Hi pjc904,
> > > Portscans have nothing to do with Apache. A portscan is when someone
> > > tries to find open ports on your system, and then tries to break in
> > > using vulnerabilities of the service behind that port. Most likely they are
> > > searching for ssh, telnet or ftp services to break in. To detect such
> > > scans I closed all ports at the firewall (except those that I need) and
> > > log attempts to connect. After 3 failures I ban the scanning host for 1
> > > hour. My ssh daemon runs on a non-standard port, so it's likely that I
> > > detect attempts to break in through ssh.
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Check out the vibrant tech community on one of the world's most
> > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > > _______________________________________________
> > > Fail2ban-users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
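The scheme J. Fahrner describes in the quoted message (log connection attempts to closed ports, ban a host after 3 failures for 1 hour), as an added example that is not part of the original thread or of fail2ban's own code. The `PORTSCAN: ` log prefix, the log line layout and the 10-minute counting window are assumptions; the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                      # "after 3 failures" (from the thread)
BAN_TIME = timedelta(hours=1)      # "for 1 hour" (from the thread)
FIND_TIME = timedelta(minutes=10)  # assumption: the thread gives no counting window

# Assumed log shape: kernel lines written by an iptables LOG rule with the
# hypothetical prefix "PORTSCAN: " placed just before the final DROP (IPv4 only).
LINE_RE = re.compile(r"^(\S+) \S+ kernel: PORTSCAN: .*?\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")

def detect_bans(lines):
    """Return [(ip, banned_at, banned_until)]; lines must be in time order."""
    hits = defaultdict(deque)      # ip -> timestamps of recent dropped packets
    banned_until = {}
    bans = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # unrelated log line
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                       # host is already banned
        q = hits[ip]
        q.append(ts)
        while ts - q[0] > FIND_TIME:       # forget drops older than the window
            q.popleft()
        if len(q) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, banned_until[ip]))
            q.clear()
    return bans

# Constructed sample lines; addresses are from the RFC 5737 documentation ranges.
_FMT = "2017-02-20T{} fw kernel: PORTSCAN: IN=eth0 OUT= SRC={} DST=192.0.2.10 PROTO=TCP DPT={}"
SAMPLE_LOG = [
    _FMT.format("18:00:01", "203.0.113.7", 23),
    _FMT.format("18:00:01", "203.0.113.7", 21),
    _FMT.format("18:00:02", "198.51.100.4", 22),
    _FMT.format("18:00:02", "203.0.113.7", 22),    # third drop: ban starts here
    _FMT.format("18:00:03", "203.0.113.7", 3389),  # ignored, host already banned
    _FMT.format("18:30:00", "198.51.100.4", 23),   # earlier drop fell out of the window
    "2017-02-20T18:30:05 fw sshd[811]: Server listening on 0.0.0.0 port 2222.",
]

if __name__ == "__main__":
    for ip, start, end in detect_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start.isoformat()} until {end.isoformat()}")
```
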